[Qa-jenkins-scm] [jenkins.debian.net] 05/07: reproducible Debian: Greate GPG key on nodes at deploy time, not "lazily".
Holger Levsen
holger at layer-acht.org
Mon Oct 31 21:37:01 UTC 2016
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch master
in repository jenkins.debian.net.
commit fadd6ac719be7514ee0f54a787b36df81fda17df
Author: Chris Lamb <lamby at debian.org>
Date: Sat Oct 29 11:25:57 2016 +0100
reproducible Debian: Greate GPG key on nodes at deploy time, not "lazily".
Signed-off-by: Chris Lamb <lamby at debian.org>
Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
bin/reproducible_build.sh | 18 ------------------
update_jdn.sh | 23 +++++++++++++++++++++++
2 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index d4d2e58..a377280 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -774,24 +774,6 @@ check_buildinfo() {
}
sign_buildinfo() {
- # Greate GPG key if it does not already exist
- if ! gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1
- then
- log_info "Generating GPG key"
-
- gpg --no-tty --batch --gen-key <<EOF
-Key-Type: RSA
-Key-Length: 4096
-Key-Usage: sign
-Name-Real: $(hostname -f)
-Name-Comment: Automatically generated key for signing .buildinfo files
-Expire-Date: 0
-%no-ask-passphrase
-%no-protection
-%commit
-EOF
- fi
-
log_info "Signing $BUILDINFO as $BUILDINFO_SIGNED"
gpg --output=$BUILDINFO_SIGNED --clearsign $BUILDINFO
log_info "Signed $BUILDINFO as $BUILDINFO_SIGNED"
diff --git a/update_jdn.sh b/update_jdn.sh
index 20ba061..0eb2249 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -678,6 +678,29 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
rm -f $TMPFILE
fi
+# Greate GPG key on nodes if they do not already exist in order to sign .buildinfo files
+if [ "$HOSTNAME" != "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
+
+ if gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1
+ then
+ explain "$(date) Not generating GPG key as one already exists"
+ else
+ explain "$(date) Generating GPG key"
+
+ gpg --no-tty --batch --gen-key <<EOF
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: sign
+Name-Real: $(hostname -a)
+Name-Comment: Automatically generated key for signing .buildinfo files
+Expire-Date: 0
+%no-ask-passphrase
+%no-protection
+%commit
+EOF
+ fi
+fi
+
#
# almost finally…
#
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git
More information about the Qa-jenkins-scm
mailing list